On Tue, Mar 14, 2023 at 4:34 PM Mark Andrews <ma...@isc.org> wrote:
> > > > On 15 Mar 2023, at 02:08, Alexandra Yang <draya...@gmail.com> wrote: > > > > Hi Group, > > > > I wonder if anyone can shed some light on this, our nameserver(BIND > 9.16.37 )keeps giving error on resolving gpo.gov and ns3.gpo.gov, here > are the errors: > > > > Mar 14 10:23:32 ipam-dns-in-1 named[3713]: validating gpo.gov/SOA: > got insecure response; parent indicates it should be secure > > For some reason you are not getting signed responses. Are you using a > forwarder? > > For what it's worth, I keep getting: Mar 14 23:59:56 cl-dns1 named[19640]: view Caching: validating federalregister.gov/SOA: got insecure response; parent indicates it should be secure Mar 14 23:59:56 cl-dns1 named[19640]: no valid RRSIG resolving ' www.federalregister.gov/DS/IN': 162.140.254.200#53 Mar 14 23:59:56 cl-dns1 named[19640]: view Caching: validating federalregister.gov/SOA: got insecure response; parent indicates it should be secure Mar 14 23:59:56 cl-dns1 named[19640]: no valid RRSIG resolving ' www.federalregister.gov/DS/IN': 162.140.15.100#53 Mar 14 23:59:56 cl-dns1 named[19640]: broken trust chain resolving ' www.federalregister.gov/A/IN': 162.140.15.100#53 ..no forwarders in use. At some point the domain starts to validate as my NTAs drop out unless I use -force, but then it starts to fail again.
-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
